SecureAuth IdP Version Affected: All
Description:
For deep linking to work with Schwab CT, they need to send the URL with ?Target=/suburl
Cause: Schwab only supports IdP initiated SAML and our IdP initiated realms only accept the Target= Parameter
Resolution:
1. Ask Schwab to set up the deep link in the following style
https://secureauth.example.com/secureAuth10/?Target=L21haW50YWluSXNzdWUuZG8
Where SecureAuth.example.com is the FQDN of your IdP and SecureAuth10 is your Schwab IdP initiated realm.
The code after the Target= is because the URL is encoded by Schwab. This just need to be the sub url.
For example, if you want to end up at https://stage.schwabct.com/example/record all schwab need to encode is the /example/record part of that url
2. Next we need to update our Post Auth page for the Schwab realm
3. Scroll down to Append HTTPS to SAML Target URL
4. Set this to False
5. Click Save
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
Comments
Please sign in to leave a comment.